CN105144655A - Proximity discovery, authentication and link establishment between communication mobile devices in 3GPP LTE - Google Patents


Info

Publication number: CN105144655A
Authority: CN (China)
Prior art keywords: identifier, data, source device, target device, equipment
Legal status: Granted (currently active)
Application number: CN201480018193.1A
Other languages: Chinese (zh)
Other versions: CN105144655B (en)
Inventors: F.弗兰森, P.维尤根, S.德基伊维特, M.埃弗特斯
Current assignee: Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek TNO; Koninklijke KPN NV
Original assignee: Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek TNO; Koninklijke KPN NV
Application filed by Nederlandse Organisatie voor Toegepast Natuurwetenschappelijk Onderzoek TNO and Koninklijke KPN NV
Priority to CN201910188008.8A (published as CN110034940B)
Publication of CN105144655A; application granted; publication of CN105144655B

Classifications

    • H04W8/005 Discovery of network devices, e.g. terminals
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1845 Broadcast or multicast in a specific location, e.g. geocast
    • H04L12/185 Multicast with management of multicast group membership
    • H04L12/189 Multicast in combination with wireless systems
    • H04L63/0414 Network security protocols for confidential data exchange wherein the identity of one or more communicating parties is hidden during transmission, i.e. the party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication
    • H04W64/00 Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • H04W72/30 Resource management for broadcast services
    • H04W76/14 Direct-mode connection setup
    • H04L61/5038 Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
    • H04L61/59 Addressing or naming using proxies for addressing
    • H04W88/02 Terminal devices
    • H04W92/18 Interfaces between terminal devices

Abstract

The invention enables a device to discover one or more other devices within range for a device-to-device mode of communication. This proximity discovery may trigger a target device, e.g. to start listening to signals from a source device or to perform any other action based on the proximity discovery, such as charging at a toll gate. A source device that wants to be discovered broadcasts a message including an identifier or a representation of the identifier. This identifier may be an identifier of the target device to be contacted, an identifier of the source device, a derivation thereof, or a common security association used by a set of peers. The target device compares the broadcast identifier with a known identifier to establish proximity discovery.

Description

Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE
Technical field
The present invention relates to proximity discovery of communication devices. More specifically, the present invention relates to proximity discovery of devices that can lead to a device-to-device communication session being set up between the devices.
Background
Recent developments in the 3GPP standards concern Long Term Evolution (LTE) networks and devices. LTE, also known as the 4G (fourth generation) mobile communication standard, is a standard for wireless high-speed data communication for mobile phones and data terminals. It is the successor of GSM/EDGE (also known as 2G or 2.5G) and UMTS/HSPA (also known as 3G), and uses a different radio interface together with core network improvements to increase capacity and speed. A recent LTE extension allows device-to-device (D2D) communication, either directly or using a base station as a relay, next to the traditional communication exclusively between base station and mobile device. In LTE, device-to-device communication is also known as LTE-Direct communication.
Use cases for LTE-Direct communication are known from 3GPP technical report TR 22.803. In a first use case, Alice is in a meeting and wants to detect whether her friend Bob is nearby. Alice enables Direct Mode discovery for her friend Bob. To this end, Alice's phone sends a message to her mobile operator informing it that she wants to use Direct Mode and wants to be discoverable specifically by Bob. The Direct Mode server of the mobile operator registers Alice and Bob as a pair. Then, if the network detects that Bob and Alice are nearby (for example because they are located in the same network cell, or through some other mechanism), it notifies Alice and Bob and sends them information with which they can reliably identify each other without revealing their privacy. A second use case concerns public safety services, such as the fire brigade, the police and emergency care. For example, a fireman entering a building without coverage wants to be able to talk to colleagues. In this example the devices can discover each other and set up a secure and authenticated connection.
When fixed and/or mobile devices, such as phones and machine type communication (MTC) devices, are in each other's vicinity, a device-to-device communication session can be set up between the devices, for example using LTE-Direct in the case of LTE mobile devices, or any other device-to-device communication standard, for example based on IEEE 802.11, IEEE 802.16, IEEE 802.20, Bluetooth, Wi-Fi or WiMax. For this, the devices typically detect each other's presence and notify the user about the proximity of the other device.
Generally, the network can assist in discovering the proximity of devices. To this end, the network determines that two devices may be in each other's vicinity and informs the devices concerned that they may be near each other. The network may not be able to determine that the devices are also within reach of each other, in which case the devices must perform a further proximity test, for example by broadcasting an identifier that is to be picked up by the other nearby device.
Alternatively, proximity discovery is performed directly by the devices. In this case a device typically broadcasts an identifier and looks for other devices among the broadcast identifiers. Bluetooth devices are known to have such a proximity discovery capability.
In either solution (network-assisted or direct proximity discovery), the identifier of the device concerned is broadcast or otherwise transmitted by that device. Typically the identifier is static, which makes it possible to track an individual device simply by listening for broadcast identifiers at regular intervals. Such a breach of user privacy is highly undesirable.
Another drawback of the known discovery solutions is that they are used to discover individual devices. There is a need for a selective discoverability solution that enables proximity discovery of both individual devices and groups of devices. A user could then, for example, adjust the discoverability of his/her device so that it identifies itself only to a limited number of devices, for example only to the devices of colleagues in a meeting, or only to the devices of friends at a pop concert. Preferably, the proximity of the devices in a group should not be learnable by other devices within range of device-to-device communication.
There is a need for a solution that enables privacy-respecting proximity discovery of devices in a managed wireless network, allows selective discoverability, and preferably has a low profile in terms of network load and required computing power.
Summary of the invention
The object of the invention is to provide a solution that enables privacy-respecting proximity discovery of devices in a managed wireless network, allows selective discoverability, and preferably has a low profile in terms of network load and required computing power. The invention is particularly useful for devices that are capable of device-to-device communication and want to discover nearby devices for a device-to-device communication session, but is not limited thereto.
According to one aspect of the invention, a method for proximity discovery between a source device and one or more target devices is proposed. The method comprises receiving, in the source device, first data comprising an identifier. The method further comprises receiving, in the target device, second data comprising a first representation of the identifier. The method further comprises broadcasting, by the source device, a signal comprising a second representation of the identifier. The method further comprises receiving the signal in the target device. The method further comprises comparing, in the target device, the first representation of the identifier with the second representation of the identifier to obtain a comparison result for establishing successful proximity discovery.
The comparison result thus obtained typically indicates whether the identifiers in the first and second representations match. If so, successful proximity discovery can be inferred.
Instead of the identifier itself, the source device advantageously broadcasts a derivation of the identifier of the source device that only the intended target device or group of target devices can relate to the source device. The target device can thus recognize from the broadcast who is in range, for example infer that the source device is within range of a device-to-device communication session, or trigger any action based on the source device being in range, such as charging at a toll gate. At the same time, the identity of the source device is not traceable.
In an embodiment of the invention, the method can further comprise transmitting an acknowledgement message from the target device to the source device depending on the comparison result. This advantageously enables the source device to learn that the target device is in range.
In another embodiment, the identifier can be a temporary broadcast identifier that uniquely identifies the target device, and the identifier can be associable with the source device by the target device. This advantageously enables the source device to transmit an identifier that, to an eavesdropper, cannot be linked to the source device, so that the source device is untraceable. The target device can associate the identifier with the source device.
In another embodiment, the source device and the one or more target devices can form a group of devices and the identifier can identify the group of devices. This advantageously enables proximity discovery of a group of target devices rather than only of a single target device.
In another embodiment, the identifier, the first representation of the identifier and the second representation of the identifier can be identical.
In another embodiment, the source device and the one or more target devices can be configured to be communicatively connected to a network, and the first data and the second data can be received from a server in the network. Alternatively, the first data and the second data can be received from the source device. This advantageously allows the network to be involved, or operation in a stand-alone mode without a network.
In another embodiment of the invention, the method can further comprise receiving, in the target device, third data comprising a third representation of the identifier. The first representation of the identifier can be a derivation of the identifier obtained by a first mathematical function, which uses the identifier and a random number as input to compute the derivation of the identifier. The third representation of the identifier can be the random number. The comparison step can comprise computing a derivation of the identifier using a second mathematical function identical to the first mathematical function, which uses the second representation of the identifier and the third representation of the identifier as input. The comparison step can further comprise comparing the computed derivation of the identifier with the first representation of the identifier. The random number can be a random number generated in the server or in the source device. Alternatively, the random number can be a salt value generated in the server or in the source device. Alternatively, the random number can be a derivation of a further random number obtained in the server or in the source device by a third mathematical function, which uses the further random number and a source identifier identifying the source device as input to compute the derivation of the random number.
This advantageously adds a level of obfuscation to the exchanged identifier, making it more difficult to track the device.
In another embodiment, the second data can further comprise a ticket identifier. The method can further comprise receiving, in the source device, ticket data from the server comprising the ticket identifier, the first data and fourth data. The method can further comprise transmitting the ticket identifier from the target device to the server to obtain a copy of the fourth data associated with the ticket identifier. The method can further comprise receiving, in the target device, the copy of the fourth data from the server. The acknowledgement message can comprise the copy of the fourth data, for verification in the source device using the fourth data.
Ticketing advantageously makes it possible to track proximity discovery attempts. The tracking can, for example, be used to bill or charge for proximity discovery.
In another embodiment, the method can further comprise charging, by the operator of the server, for the request of the first data, the second data and/or the ticket data by the source device or the target device. This advantageously makes it possible to charge for proximity discovery attempts, possibly only for successful proximity discovery attempts.
In another embodiment, the method can further comprise receiving, in the target device, first challenge data from the source device. The method can further comprise computing, in the target device, derived first challenge data from the first challenge data using a fourth mathematical function (such as a hash function). The acknowledgement message can further comprise the derived first challenge data and second challenge data. The method can further comprise computing, in the source device, derived first challenge data from the first challenge data using a fifth mathematical function identical to the fourth mathematical function, for comparison with the received derived first challenge data. The method can further comprise computing, in the source device, derived second challenge data from the second challenge data using a sixth mathematical function. The method can further comprise transmitting the derived second challenge data to the target device. The method can further comprise computing, in the target device, derived second challenge data from the second challenge data using a seventh mathematical function identical to the sixth mathematical function, for comparison with the received derived second challenge data.
This advantageously adds a level of security, in the form of challenge-response authentication, to the exchange of identifiers.
In another embodiment, the ticket data can further comprise an encryption key. The method can further comprise receiving, in the target device, from the server the encryption key that is associated with the ticket identifier in the server. The fourth, fifth, sixth and seventh mathematical functions can comprise an encryption function using the encryption key.
This advantageously adds a level of security to the exchange of identifiers.
According to one aspect of the invention, a source device is proposed, arranged to perform a proximity discovery procedure with one or more target devices using one or more steps of the above method.
According to one aspect of the invention, a target device is proposed, arranged to perform a proximity discovery procedure with a source device using one or more steps of the above method.
According to one aspect of the invention, a network is proposed, comprising a source device as described above and one or more target devices as described above.
Hereinafter, embodiments of the invention will be described in more detail. It should be understood, however, that these embodiments are not to be interpreted as limiting the scope of the invention.
Brief description of the drawings
Aspects of the invention will be explained in greater detail by reference to exemplary embodiments shown in the drawings, in which:
Fig. 1-6 show proximity discovery procedures according to exemplary embodiments of the invention, visualized as sequence diagrams between a source device, a target device and optionally a server.
Detailed description
In the following description, the words "device", "terminal" and "user equipment (UE)" are to be understood as synonyms for a fixed or mobile end-user or MTC device. A "peer" is to be understood as any fixed or mobile end-user device that can be involved in device-to-device communication.
In device-to-device mode communication, devices communicate directly, i.e. without using a fixed or wireless network. The device-to-device communication link may use a base station for relaying signals between the devices, but does not use other network functions of the network of that base station. Peers may be connected to a wireless or fixed network and subsequently communicate in device-to-device mode.
The invention enables a device to discover one or more other devices within range for device-to-device mode communication. This proximity discovery may trigger a target device, for example to start listening to signals from the source device, or to perform any other action based on the proximity discovery, such as charging at a toll gate. Proximity discovery may lead to device-to-device communication being set up between the source device and the target device.
The identities of the devices, or representations of the identities, are exchanged to enable proximity discovery. This identifier exchange is done in such a way that a device cannot be tracked by monitoring or eavesdropping on the device's transmissions and obtaining the transmitted identifier. Through untraceability, the privacy of the device's user is increased.
In order to set up a device-to-device communication session between two or more devices that have a fixed or wireless connection to a network, a device may optionally, before starting the proximity discovery procedure, indicate to a server in the network that it wants to be discoverable, or that it wants to discover a certain peer (or group of peers), and trigger the other device. Before the proximity discovery procedure, the network, a third party (such as an over-the-top provider or any other third party) or the devices themselves usually detect that peers are nearby.
As part of the proximity discovery procedure, a source device that wants to be discovered broadcasts a message comprising an identifier or a representation of the identifier. This identifier may be the identifier of the target device to be contacted, the identifier of the source device, a derivation thereof, or a common security association used by a set of peers. Preferably, a device does not broadcast its own identifier in the clear, to avoid traceability of the device.
The identifier can be a temporary broadcast identifier (T-BID) and can change over time. The T-BID can be changed by being supplied by another party, for example by the network providing the device with a new identifier, or by an over-the-top service providing a new identifier, i.e. a party external to the network such as Facebook, Google+ or Whatsapp. The T-BID can be changed by means of a communication session between the two devices via the network (i.e. not using device-to-device mode communication) or via any other connection, such as WiFi, Bluetooth, NFC, or a camera and a screen, for example by having the devices exchange a new temporary identifier or a random value/algorithm for computing a new temporary identifier. The T-BID can be changed by means of an algorithm, for example one that includes the time, the number of times a device-to-device connection has been established between the two (or more) devices, a random value provided by a third party such as the network operator or an over-the-top service provider, or a salt value, and/or that is transmitted together with an encrypted/hashed identifier.
As part of the proximity discovery procedure, the target device extracts the necessary information from the broadcast (for example by decrypting, by re-hashing, or simply by comparing against a list of known identities). The source device can broadcast its identity in such a way that only the intended target device can understand who is broadcasting.
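The derived-identifier scheme of the summary (a first mathematical function over identifier and random number, recomputed at the target with the random number as third representation) and the "re-hash" extraction described just above can be tried out with the following added example. It is not code from the patent or from the assignees; SHA-256 as the mathematical function, the constant-time comparison, and all identifier values are assumptions constructed for this illustration. It also shows why a passive listener cannot link two broadcasts of the same identifier once the random number changes.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Constructed sample values for this example (not taken from the patent).
FRIEND_T_BID = b"T-BID:friend-0001"
STRANGER_T_BID = b"T-BID:stranger-0042"
SOURCE_IDENTIFIER = b"SRC:source-device"


def derive_identifier(identifier: bytes, random_number: bytes) -> bytes:
    """The shared first/second mathematical function: a derivation of the
    identifier computed over identifier || random number. SHA-256 is an
    assumption; the patent only requires source and target to use the same
    function."""
    return hashlib.sha256(identifier + random_number).digest()


def derive_random_number(further_random: bytes, source_identifier: bytes) -> bytes:
    """The third mathematical function variant: the random number is itself
    derived from a further random number and the source identifier."""
    return hashlib.sha256(further_random + source_identifier).digest()


def build_broadcast(identifier: bytes, random_number: Optional[bytes] = None) -> dict:
    """Source side: broadcast the derivation together with the random number
    instead of the identifier in the clear. A fresh random number per
    broadcast is what makes successive transmissions unlinkable."""
    if random_number is None:
        random_number = secrets.token_bytes(16)
    return {"derived": derive_identifier(identifier, random_number),
            "random": random_number}


def match_broadcast(broadcast: dict, known_identifiers: List[bytes]) -> Optional[bytes]:
    """Target side: re-hash every identifier it was told to listen for with the
    received random number and compare with the received derivation.
    Returns the matching identifier, or None if nobody known is in range."""
    for identifier in known_identifiers:
        candidate = derive_identifier(identifier, broadcast["random"])
        # Constant-time comparison so timing does not reveal matching bytes.
        if hmac.compare_digest(candidate, broadcast["derived"]):
            return identifier
    return None


def linkable_by_eavesdropper(first: dict, second: dict) -> bool:
    """A passive listener who does not know any identifier can only compare the
    transmitted bytes. With different random numbers the derivations differ,
    so two broadcasts of the same identifier do not look related."""
    return first["derived"] == second["derived"]


if __name__ == "__main__":
    bc = build_broadcast(FRIEND_T_BID)
    print("target matched:", match_broadcast(bc, [STRANGER_T_BID, FRIEND_T_BID]))
    print("two broadcasts linkable:",
          linkable_by_eavesdropper(bc, build_broadcast(FRIEND_T_BID)))
```

The cost of this design is on the target: it performs one hash per identifier it listens for per received broadcast, which is the "necessary computing power" trade-off the summary mentions, and which group-specific identifiers keep small.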
Optionally, the target device responds by sending an acknowledgement message to the source device: it has heard the other device and is available for device-to-device communication. The optional acknowledgement message can comprise a response to a challenge that may have been included in the initial broadcast. The optional acknowledgement message can comprise data from which a common secret, known to the source device and the target device, can be established for authentication purposes.
After successful proximity discovery, a device-to-device connection can be set up between the devices.
The proximity discovery procedure may be used to set up a secure device-to-device connection. It may be desirable to verify that the two devices authenticate each other (for example to prevent man-in-the-middle attacks) and that the network has some control over how connections are set up (for example to charge for proximity discovery). For this purpose, proximity discovery can comprise a three-way handshake procedure, which can be implemented as follows:
1. The source device sends a random value (challenge) to the target device in the same broadcast as the T-BID;
2. The target device computes hash(challenge || common secret), where the common secret can, for example, be a random value, a salt value or a common T-BID. The target device generates a further random value and answers with a message comprising further random value || hash(challenge || common secret).
3. The source device can verify hash(challenge || common secret) and answers with a message comprising hash(further random value || common secret).
4. The target device can verify hash(further random value || common secret); both the source device and the target device now know that they share the same common secret and have authenticated each other.
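The four handshake steps above, written out as an added example with both sides' messages; this is not code from the patent or the assignees. SHA-256 as the hash, 16-byte random values, the message field names and the sample T-BID are assumptions. Each step is a separate function so that the two verification points (step 3 at the source, step 4 at the target) can be exercised on their own, including the failure cases a practitioner cares about: a peer that does not hold the common secret, and a replayed answer from an earlier run.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def h(*parts: bytes) -> bytes:
    """hash(a || b) as written in the handshake; SHA-256 is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()


def source_step1(t_bid: bytes, common_secret: bytes) -> Tuple[dict, dict]:
    """Step 1: the source broadcasts the T-BID together with a fresh challenge.
    Returns (source state, broadcast message)."""
    challenge = secrets.token_bytes(16)  # fresh per run, so old answers cannot be replayed
    state = {"challenge": challenge, "secret": common_secret}
    broadcast = {"t_bid": t_bid, "challenge": challenge}
    return state, broadcast


def target_step2(broadcast: dict, common_secret: bytes) -> Tuple[dict, dict]:
    """Step 2: the target proves knowledge of the common secret over the
    challenge and adds its own further random value for the reverse direction.
    Returns (target state, answer message)."""
    further_random = secrets.token_bytes(16)
    state = {"further_random": further_random, "secret": common_secret}
    answer = {"further_random": further_random,
              "proof": h(broadcast["challenge"], common_secret)}
    return state, answer


def source_step3(state: dict, answer: dict) -> Optional[dict]:
    """Step 3: the source verifies hash(challenge || common secret). On success
    it returns its own proof over the target's further random value; on failure
    it returns None and the connection is not set up."""
    expected = h(state["challenge"], state["secret"])
    if not hmac.compare_digest(expected, answer["proof"]):
        return None
    return {"proof": h(answer["further_random"], state["secret"])}


def target_step4(state: dict, final: dict) -> bool:
    """Step 4: the target verifies hash(further random value || common secret).
    True means both sides hold the same common secret."""
    expected = h(state["further_random"], state["secret"])
    return hmac.compare_digest(expected, final["proof"])


def run_handshake(source_secret: bytes, target_secret: bytes) -> bool:
    """Drive the whole exchange between a source and a target that may or may
    not share the common secret (constructed T-BID value)."""
    s_state, broadcast = source_step1(b"T-BID:example", source_secret)
    t_state, answer = target_step2(broadcast, target_secret)
    final = source_step3(s_state, answer)
    if final is None:
        return False
    return target_step4(t_state, final)


if __name__ == "__main__":
    print("shared secret:", run_handshake(b"common-secret", b"common-secret"))
    print("mismatched secret:", run_handshake(b"common-secret", b"other-secret"))
```

Note that the handshake proves possession of the common secret in both directions but does not by itself derive a session key; the ticket embodiment below supplies an encryption key from the server for that purpose.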
In the following exemplary embodiments of the invention, the proximity discovery procedure outlined above is explained in more detail.
Different types of identifiers can be used in the proximity discovery procedure, examples being the broadcast identifier (BID), the temporary broadcast identifier (T-BID), the group-specific broadcast identifier (GT-BID), the friend-specific (temporary) broadcast identifier (F(T)-BID) and the security association (temporary) broadcast identifier (SA(T)-BID). A broadcast identifier is a globally unique identifier that is broadcast over a shared medium to announce the presence of a certain device or to call someone. A device can broadcast its own BID, a derivation thereof, or the BID of a "friend"/other device it wants to call. A temporary broadcast identifier is a broadcast identifier that is valid only for a limited amount of time, a limited number of uses or a limited geographical area. An exception to this rule is the so-called "one-time T-BID", which is derived from a T-BID and broadcast instead of it. A group-specific (T-)BID is a broadcast identifier applicable to a group, which means that all devices in the group listen for this BID. A friend-specific (T-)BID is a broadcast identifier shared only between two friends/devices. A security association (T-)BID is a broadcast identifier applicable to a security association, which means that if two devices share a security association, they listen for the same broadcast identifier.
Usually, proximity detection precedes the proximity discovery procedure. In the proximity detection stage, devices receive information that they are near each other. In the proximity discovery procedure, one or more of the devices that received this information determine whether device-to-device communication is possible. There are various ways of performing proximity detection. For example, the network can detect and notify two peers that they are near each other. This can be advantageous, firstly because a device then only has to broadcast an identifier when notified by the network, which results in lower battery drain and lower use of the broadcast channel, and secondly because the network can provide the identifier and (optionally) keying material (in the same message). Additionally or alternatively, an over-the-top service provider or a third party notifies peers that they are near each other. Additionally or alternatively, the users can activate devices that are near each other. This can be advantageous in situations where there is no network coverage and someone wants to set up a device-to-device connection. Where there is network coverage, this method can still be advantageous, for example for peers that do not yet know each other, such as when you meet a new person and want to exchange phone numbers.
Fig. 1-6 show exemplary embodiments of the invention, in which the proximity discovery procedure is visualized as a sequence diagram between a source device 1, a target device 2 and optionally a server 3 in the network. Note that there may be multiple target devices 2. Arrows indicate data flows. Dots indicate work performed at a device. Reference numerals between braces "{}" indicate data elements. Dashed lines indicate optional steps.
In Fig. 1, first data 11 comprising an identifier 12 is received 101 in the source device 1. The first data 11 may originate from an external server or from the source device 1 itself; in the latter case the source device 1 generates the identifier 12. In the target device 2, second data 20 comprising a first representation 21 of the identifier 12 is received 102. The second data 20 may originate from an external server or from the source device 1. Next, the source device 1 broadcasts 103 a signal comprising a second representation 31 of the identifier 12, which is received 104 in the target device 2. The target device 2 compares 105 the first representation 21 of the identifier 12 with the second representation 31 of the identifier 12. The comparison result thus obtained indicates whether the identifiers in the first and second representations match. If so, successful proximity discovery can be inferred, and this can optionally be reported 106 to the source device 1 in an acknowledgement message 40.
Fig. 2 shows a ticket-based, network-assisted embodiment, which advantageously enables the network operator to charge for proximity discovery by detecting the use of the ticket.
Before proximity discovery, the source device 1 notifies 201 a server 3 in the network or at a third party that it wants to discover one or more target devices 2. The network or third party may know which of these target devices 2 are discoverable or able to discover, and lists them as peers, for example because the devices have a subscription with the network or third party and are tracked, or because the devices have notified the network or third party.
The server 3 provides the source device 1 with a ticket in the form of ticket data 10, in which an identifier 12 is given to the source device 1 to broadcast 103 in order to reach each of its peers 2. The network 3 also notifies the source device 1 of the identifiers 21 that its peers 2 should listen for. The identifier 21 may be identical to the identifier 12 or to the first representation 21 of the identifier 12.
The network may optionally include in the ticket 10 a security association 14, such as an encryption key, which the source device 1 can use to securely set up a connection with one of its peers 2. Similarly, the security association 14 may be sent to the target device 2 by the network 3, but from a charging point of view it may be desirable to send it only once the target device 2 has requested the complete ticket. The reason is that in this case the network can determine that discovery was successful, which means it is allowed to charge for it. Alternatively, the network 3 may send the key 14 when it detects that the two peers 1, 2 are near each other. In this case the network 3 is involved in proximity detection or in connection setup. This is advantageous for key freshness. In addition, the network 3 need not keep keys for all devices that are registered as peers.
The network 3 may send the identifier 12 and/or the derivative 21 of the identifier 12 at the time of proximity detection.
For each of its peers 2, the source device 1 now has a ticket 10 comprising the following information: a ticket identifier 22; optionally, a shared secret or random value to be used in an optional challenge-response scheme; identifiers 12, 21, such as the T-BID that the first device 1 can use to reach the target device 2; optionally, a further identifier 13, such as the T-BID that the target device 2 can use in its response to reach the first device 1. The further identifier 13 is also referred to as fourth data in the exemplary embodiment.
Optionally, a master encryption key from which further keys can be derived, or a set of keys (an encryption key and an integrity protection key), may be included in the ticket data 10.
Each of the peers 1, 2 now has the following information in memory: the T-BIDs 12, 21 (or their representations) to listen for, associated with the source device 1; optionally the same shared secret or random value; the ticket identifier 22; and optionally a master encryption key from which further keys can be derived, or a set of keys (an encryption key and an integrity protection key).
At some later point in time, the network or the third party / over-the-top provider may detect that the source device and the target device are near each other (and are still able to discover each other, i.e. no user has changed their settings). The network or third party notifies the first device that they are close.
Here the advantage of the ticket-based scheme becomes apparent: it need not be the network that performs proximity detection, which means that once the network has issued the ticket 10 comprising the key 14, the key 14 can be supplied to the target device 2 only when it presents the ticket to the source device 1.
The first device 1 broadcasts 103 a signal 30 comprising the previously received temporary broadcast identifier, or a second representation 31 of it, which is received 104 by the target device 2.
Optionally, this mechanism can be extended with a challenge-response scheme. In this case the broadcast 103 of the identifier 31 can be accompanied by a challenge 32 (also referred to as first challenge data 32 in the exemplary embodiment), to which the target device 2 can provide the correct answer.
After the target device 2 has received the broadcast, it optionally replies to the source device 1 with an acknowledgement message 106 confirming that it received the message. Optionally, as described above, the target device 2 retrieves the complete ticket (including the key) from the network on receiving the broadcast 103. Optionally, the target device 2 computes 114 its answer to the challenge 32, optionally encrypts it, and replies 106 to the first device 1.
The answer 106 to the challenge 32 may take the form hash(challenge 32 || shared secret). On receipt, the source device 1 can perform the same computation and verify 115 that the answers are identical. The advantage of also encrypting the reply is that the reply is then not exposed to brute-force or rainbow-table attacks on the hash function, although the solution remains secure without encryption.
The target device 2 may also include a challenge 43 (also referred to as second challenge data 43 in the exemplary embodiment) in its answer. This may be another random value generated by the target device 2.
The source device optionally computes 116 hash(challenge 43 || shared secret) and replies 117 to the target device 2 with this derived second challenge data value 33, so that the target device 2 can verify that the source device 1 has computed the correct hash(challenge 43 || shared secret). Based on the security association that both now have, a secure and authenticated connection 202 can optionally be established.
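The following Python block is an added illustration of the ticket-based mutual challenge-response just described; it is not code from the patent. It assumes SHA-256 as the unspecified hash function, omits the optional encryption of the replies, and uses its own field names and constructed ticket values. Both directions (steps 114/115 and 116/118) are checked with constant-time comparisons, and a peer holding a ticket with a different shared secret or different T-BIDs fails discovery.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple


def h(*parts: bytes) -> bytes:
    """hash(a || b): SHA-256 over the concatenation (the patent leaves the hash open)."""
    return hashlib.sha256(b"".join(parts)).digest()


@dataclass(frozen=True)
class Ticket:
    """Ticket data 10 issued by the server 3; the field names are this example's own."""
    ticket_id: bytes       # ticket identifier 22
    tbid: bytes            # identifier 12: T-BID the source broadcasts to reach the target
    reply_tbid: bytes      # further identifier 13: T-BID the target uses in its reply
    shared_secret: bytes   # common secret for the challenge-response scheme


def issue_ticket(shared_secret: bytes) -> Ticket:
    """Server 3 issues one ticket per peer pair (constructed random values). In the
    patent the server hands the same T-BIDs and secret to the target device as well."""
    return Ticket(os.urandom(8), os.urandom(8), os.urandom(8), shared_secret)


def source_broadcast(ticket: Ticket) -> Tuple[bytes, bytes]:
    """Step 103: signal 30 carries the T-BID 31 and a fresh challenge 32."""
    return ticket.tbid, os.urandom(16)


def target_answer(ticket: Ticket, tbid: bytes,
                  challenge: bytes) -> Optional[Tuple[bytes, bytes, bytes]]:
    """Steps 105 and 114: only a peer holding the matching ticket answers, with
    hash(challenge 32 || secret) and its own challenge 43."""
    if not hmac.compare_digest(tbid, ticket.tbid):
        return None  # broadcast is not addressed to this peer
    return ticket.reply_tbid, h(challenge, ticket.shared_secret), os.urandom(16)


def source_verify_and_reply(ticket: Ticket, challenge: bytes,
                            answer: Tuple[bytes, bytes, bytes]) -> Optional[bytes]:
    """Steps 115-117: check the answer against the locally computed hash, then
    reply with hash(challenge 43 || secret)."""
    reply_tbid, derived32, challenge43 = answer
    if not hmac.compare_digest(reply_tbid, ticket.reply_tbid):
        return None
    if not hmac.compare_digest(derived32, h(challenge, ticket.shared_secret)):
        return None
    return h(challenge43, ticket.shared_secret)


def target_verify(ticket: Ticket, challenge43: bytes, reply: Optional[bytes]) -> bool:
    """Step 118: the target checks that the source also knows the secret."""
    return reply is not None and hmac.compare_digest(
        reply, h(challenge43, ticket.shared_secret))


def run_discovery(source_ticket: Ticket, target_ticket: Ticket) -> bool:
    """Full exchange; True only if both sides prove knowledge of the shared secret."""
    tbid, challenge32 = source_broadcast(source_ticket)
    answer = target_answer(target_ticket, tbid, challenge32)
    if answer is None:
        return False
    reply = source_verify_and_reply(source_ticket, challenge32, answer)
    return target_verify(target_ticket, answer[2], reply)
```

Because the T-BIDs are sent in clear, the shared secret is the only thing that distinguishes a peer from an observer who replays a captured T-BID; that is why the second challenge 43 matters, as it stops a passive listener from impersonating the source after seeing one exchange.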
A single ticket 10 can be used multiple times, but it is recommended to limit this to a low number of times to avoid tracking of the broadcast T-BID. This means that an unused ticket 10 may also be released after an unsuccessful broadcast of the T-BID (e.g. when the peer could not be reached).
It can be expected that someone wants to reuse the same ticket while remaining untraceable. For this, in addition to Fig. 2, the solutions presented in Fig. 4 and Fig. 6, and the solution described below for group addressing, can also be used.
In the network-assisted embodiments shown in Fig. 3 and Fig. 4, the identifiers are preloaded in the peers 1, 2, and the source device 1 and the target device(s) 2 have been announced to the network as peers beforehand.
With reference to Fig. 2, before proximity discovery the source device 1 informs the network 3 that it wants to discover one or more target devices 2. The network 3 knows which of these target devices 2 are discoverable or able to discover, and lists them as pairs. The network can thus detect that the source device 1 and a target device 2 are near each other and notify them.
These steps preceding proximity discovery are indicated by box 203.
At some designated interval (e.g. at night, or at any other time interval), a set of T-BIDs 12, 21 (or other identifiers 12, 21) that may be used for proximity discovery of each of the devices 1, 2 is given 101, 102 to the peers 1, 2. In this example the source device 1 receives 101 the identifiers 12 from the network in first data 11, and the target device(s) 2 receive 102 from the network, in second data, identifiers 21 which in this example may be identical to the identifiers 12. The T-BIDs 12, 21 in this example are peer-specific T-BIDs; that is, the peers 1, 2 are provided 101, 102 with the T-BIDs 12, 21 to be used with another specific device. Optionally, the peers 1, 2 also receive 101, 102 a general T-BID 12, 21 (GenT-BID), which may be used for discoverability by a group of devices. This GenT-BID 12, 21 is also distributed to each paired device. Each peer 1, 2 now has a registry that may look like the following table (this example is for the source device 1):
On the broadcast side of the table are the T-BIDs 31 that the source device 1 broadcasts 103 in the signal 30 and that are received 104 by a target device 2: the general T-BID 31 (i.e. "a") when the source device 1 wants to be discoverable by anyone, or a specific T-BID (i.e. "b", "c", "d" and "e") when it wants to contact a specific target device 2. On the receiver side of the table are the broadcasts that the source device 1 should listen for when discovering peers. Therefore, if the source device 1 wants to reach the first target device 2, it should broadcast 103 "b". Alternatively, if the source device 1 wants to be discoverable by anyone who has its general T-BID, it broadcasts 103 "a". On the receiving side, the source device 1 should listen for the last two columns. If any value in the last column ("j", "k", "m", "n") is broadcast, it can infer 105 that one of its peers 2 is near and is trying to reach the source device 1. If any value in the middle column ("f", "g", "h", "i") is broadcast, the source device 1 knows that one of its peers 2 is near and is broadcasting its general T-BID only to make its presence known.
It will be appreciated that the way the registry is stored is arbitrary. The table format is only an example; any other format for storing the values may be used. The identifiers 12, 21 are presented as letters of the alphabet. It will be appreciated that the identifiers may have any binary, decimal, hexadecimal, word, double-word, string or other value of any length.
The embodiment of Fig. 3 allows simply broadcasting the GenT-BID 31 or several specific T-BIDs 31 without any prior knowledge about who is nearby. This also works when the peers 1, 2 are currently not within the coverage or control of the network, for example when they (possibly temporarily) operate in ad-hoc (MANET) mode.
If no security association is known at the time of the device-to-device connection 206 and such a security association 204 is desired, the network 3 can optionally provide the devices 1, 2 with an encryption key 14, preferably over a secure line. Advantageously, the network is then also notified 205 of the discovery, which makes charging possible.
It may be desirable to have a mechanism for changing the general T-BIDs 12, 21 or the peer-specific T-BIDs 12, 21. For example, once a T-BID 31 has been broadcast 103 (regardless of whether the device-to-device session 206 was set up successfully), a malicious user may store this T-BID and keep listening for it in the future. If the same T-BID is broadcast again at any time, the malicious user can infer that a particular device is nearby. It is therefore optionally possible for the source device 1 to request 101a the network 3 to renew its T-BID 12. The network 3 then allocates a new T-BID 12 and notifies 101b, 102a the peers 1, 2 of the new T-BIDs 12, 21.
It is possible for the network to re-allocate the T-BIDs 12, 21 each time a T-BID 12, 21 has been used in a broadcast, and to distribute them again 101b, 102a to all peers 1, 2.
Besides the general T-BID and the peer-specific T-BIDs, the network can optionally provide specific T-BIDs for being discoverable only by a specific group of friends or devices. A closed user group specific T-BID (CUG T-BID) can thus be defined for a larger group. Such a CUG T-BID identifier is preferably also supplied to each member of the group. These are advantageous for static groups, such as colleagues or public safety services such as police and fire brigade.
The peer-specific T-BIDs can optionally be refreshed during the device-to-device connection without involving or informing the network. This provides an increased degree of privacy (the network does not even know the identifiers 12, 21) and relieves the network of the task of generating T-BIDs.
In the embodiment of Fig. 4, the identifier 12 is preloaded and static. However, the broadcast T-BID 31 can change, for example because the network 3 provides (before the broadcast takes place) a random value 51 to the source device 1 and the target device 2; the source device 1 uses this random value 51 to compute 103a a derivative of the identifier, for example by encrypting or hashing the identifier 12, and the target device 2 can use this random value 51 to decrypt and verify 109 the identifier.
The embodiment of Fig. 4 is particularly advantageous for rapidly changing groups, where the group members have each other's identifiers but not all of them obtain the same random value.
Referring to the first example of Fig. 4, before proximity discovery the peers 1, 2 are allocated 207 T-BIDs called p_i (p_1 for the source device 1, p_2 for the first target device 2, p_3 for the second target device 2, and so on).
The operator 3 receives 101c from the source device 1 a message that it wants to discover the first, second, third and fourth target devices 2. The operator 3 detects that the first, second, third and fourth target devices 2 are close. A fifth and a sixth target device may also be close, but they are not in the list of the source device 1. Therefore the fifth and sixth target devices will not be discovered.
The operator 3 takes a random number x of length p_i^2 and computes for the first target device 2: for p_2, x_2 = x mod p_2; and likewise for the third target device 2 (not for the second and fourth target devices, since in this example they are not close). Alternatively, the source device 1 provides the random number x to the operator 3.
The operator 3 sends 102b x to the source device 1. The operator 3 sends 102 x_2 to the first target device 2 and x_4 to the third target device 2. Here, x_2 and x_4 are the representations 21 of the identifier 12.
The source device 1 broadcasts 103 the random value x 31, and all reachable peers 2 (hopefully including the first target device 2 and the third target device 2) can verify 109 whether x_i == x mod p_i holds. The value x 31 now serves as the second representation of the identifier, since it can be used in the target device 2 to verify identity.
The first and third target devices 2 can respond 106 that the message was received, and the devices can set up a device-to-device communication session, possibly using the security association received from the server 3.
The fifth and sixth target devices also receive the random value x 31, but the information they have is so limited (they did not receive x_i values from the operator 3) that they cannot find out who is calling, nor use it for tracking and tracing.
It is possible for the source device 1 to reuse a revised value x 31 for a next broadcast 103. This is possible when the first device 1 knows the p_i values of the target devices 2. If it does, it can use the least common multiple (LCM) of these values to obtain a new x for which x_i == x mod p_i still holds, i.e. x' = x + k · LCM(p_2, p_3, ...). Here, k should not be a prime and should preferably be a multiple of a prime, to prevent revealing too much information about the LCM of the identifiers used. The benefit of this solution is that nothing changes for the target devices; their answer remains the same.
Referring to the second example of Fig. 4, before proximity discovery the peers 1, 2 are allocated 207 T-BIDs called p_i (p_1 for the source device 1, p_2 for the first target device 2, p_3 for the second target device 2, and so on). The peers 1, 2 are informed of each other's identities, so that for example the source device 1 knows the T-BID of the first target device 2, and the second target device 2 knows the T-BID of the source device 1.
The operator 3 receives 101c from the source device 1 a message that it wants to discover the first, second, third and fourth target devices 2. The operator 3 detects that the first, second and fourth target devices 2 are close. A fifth and a sixth target device may also be close, but they are not in the list of the source device 1. Therefore the fifth and sixth target devices will not be discovered.
The operator 3 takes a random number r and computes, for the second and fourth target devices 2, x = hash(T-BID of source device 1 || r) and again x_i = x mod p_i. Alternatively, the source device 1 provides the random number r to the operator 3.
The operator 3 sends 102b the random value r to the source device 1. The operator 3 sends 102 (x_2, r) to the first target device 2 and (x_4, r) to the third target device 2. Here, x_2 and x_4 are the representations 21 of the identifier 12.
The source device 1 broadcasts 103 x 31, and all reachable peers 2 (hopefully including the first target device 2 and the third target device 2) can verify 109 whether x_i == x mod p_i holds. The value x 31 now serves as the second representation of the identifier, since it can be used in the target device 2 to verify identity.
The first and third target devices 2 can respond 106 that the message was received, and prove their authenticity by returning hash(p_i || r), computed 108 in the target device 2.
As in the previous embodiments, the network 3 may be involved in exchanging encryption keys 14, thereby providing additional security and making it possible to charge for successful proximity detection.
The example of Fig. 4 is also suitable for the situation where one device 1, 2 wants to discover only one other device 1, 2. The network 3 then only notifies these particular peers.
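The two examples of Fig. 4 above, worked in Python as an added example (not the patent's code): the residue scheme x_i = x mod p_i, the reuse x' = x + k · LCM(p_2, p_3, ...) that leaves every residue unchanged, and the hashed variant x = hash(T-BID of source || r) with the target's proof hash(p_i || r). The per-peer values p_i are constructed primes, SHA-256 stands in for the unspecified hash, and the peer names and function names are this example's own.

```python
import hashlib
import hmac
import math
import secrets
from functools import reduce
from typing import Dict, List, Tuple

# Constructed T-BIDs p_i (step 207): one number per peer. Primes are used so that
# residues modulo different p_i carry no information about each other.
P: Dict[str, int] = {
    "source": 1000003,   # p_1
    "target1": 1000033,  # p_2
    "target2": 1000037,  # p_3
    "target3": 1000039,  # p_4
    "target4": 1000081,  # p_5
}


def fresh_x() -> int:
    """Random x of size about p_i^2, chosen by the operator (or supplied by the source)."""
    return secrets.randbelow(max(P.values()) ** 2)


def operator_residues(x: int, nearby: List[str]) -> Dict[str, int]:
    """First example, step 102: x_i = x mod p_i, computed only for peers detected nearby."""
    return {name: x % P[name] for name in nearby}


def target_verify(x_i: int, p_i: int, x_broadcast: int) -> bool:
    """Step 109: a target holding x_i checks x_i == x mod p_i for the broadcast x 31."""
    return x_broadcast % p_i == x_i


def source_reuse(x: int, peer_ps: List[int], k: int) -> int:
    """x' = x + k * LCM(p_2, p_3, ...): every residue x mod p_i is unchanged, so the
    targets' stored x_i still verify. Per the text, k should not itself be a prime."""
    lcm = reduce(math.lcm, peer_ps, 1)
    return x + k * lcm


def operator_residues_hashed(source_p: int, r: bytes,
                             nearby: List[str]) -> Tuple[int, Dict[str, Tuple[int, bytes]]]:
    """Second example: x = hash(T-BID of source || r), then x_i = x mod p_i;
    each nearby target receives (x_i, r) and the source receives r."""
    x = int.from_bytes(hashlib.sha256(str(source_p).encode() + r).digest(), "big")
    return x, {name: (x % P[name], r) for name in nearby}


def target_proof(p_i: int, r: bytes) -> bytes:
    """Step 108: the target proves authenticity with hash(p_i || r)."""
    return hashlib.sha256(str(p_i).encode() + r).digest()


def source_check_proof(p_i: int, r: bytes, proof: bytes) -> bool:
    """The source knows the target's p_i (identities were exchanged) and recomputes the proof."""
    return hmac.compare_digest(proof, target_proof(p_i, r))
```

Note what a non-listed device learns: it sees x but holds no x_i, so it cannot tell which p_i the broadcast was built for; only the operator and the addressed targets can link x to an identity.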
The following exemplary embodiments describe autonomous proximity discovery procedures, in which the devices 1, 2 themselves determine what to broadcast for discoverability. The network 3 or a third party may still be involved in notifying the devices 1, 2 about possible proximity, e.g. by performing proximity detection. In the autonomous proximity discovery procedures it is assumed that contact existed at some earlier time, or that identities were exchanged in some other way, for example using a near-field chip in the source device 1 and the target device 2 (e.g. triggered by holding the devices 1, 2 together and making a shaking gesture), a bar code or tag, the user entering an identifier scanned from the other device's screen, using Wi-Fi, using a third-party application such as Facebook, or any other way.
Fig. 5 shows an autonomous discovery procedure based on a stack of inverse hashes with an optional automatic forgetting mechanism. The example of Fig. 5 is particularly useful in an environment with many peers 1, 2 that are very likely to meet again. The peers 1, 2 themselves determine what to broadcast 103 and how to encrypt or obfuscate the second representation 31 of the identifier 12 in the broadcast signal. The representation 31 of the broadcast T-BID can change over time, which makes tracking and tracing very difficult.
Both the source device 1 and the target device 2 in a device-to-device communication session can generate 101 a random T-BID 12 and a salt value 51. The two devices 1, 2 recursively compute an n-th hash 21 using any hash function that takes the previous hash and the salt value 51 as input. The first hash is computed as hash_1 = hash(T-BID, salt), and every subsequent hash as hash(previous hash, salt). To compute the n-th hash 21, the following code can be used, for example:
Here, the T-BID 12 is the identifier 12, the n-th hash of the T-BID is the first representation 21 of the identifier 12, and the salt value is the third representation 51 of the identifier 12.
The devices 1, 2 exchange their n-th hash and salt value in steps 102 and 107.
At this stage, the source device 1 and the target device 2 have enough information to contact each other in the future without involving the network 3 or any other third party.
The next time they are near each other (described by box 209), the source device 1 can broadcast the (n-1)-th hash 31 of the T-BID as the second representation 31 of the T-BID. The target device 2 can then compute 108 hash(hash_{n-1}, salt) and check that it equals the last hash. An eavesdropper who knows the hash function does not know the salt value 51 and therefore cannot find out who is being called.
Optionally, the network 3 can notify nearby devices 1, 2 that they are close in a proximity detection process preceding the proximity discovery procedure. That way, the need to continuously monitor the broadcast signal, and the associated battery drain, can be avoided.
Since the two devices 1, 2 have many hashes, they can decide to use a different hash, e.g. every day or each time they are near each other. If they then broadcast 103 a second representation 31 of the T-BID as a hash, they may for example include in the broadcast signal 30 a counter value k indicating which hash they are broadcasting. The value k may for example indicate that the (n-k)-th hash (the n-th minus k) is included in the broadcast signal 30 as the second representation 31 of the identifier.
Alternatively, k is provided by a timer, e.g. based on the number of days or hours elapsed since the last device-to-device communication session. This can be used to introduce an expiry mechanism, which makes the hash stack shrink over time and eventually breaks the "peering" of the two devices 1, 2. If the devices 1, 2 meet again after their initial security association has expired, they must go through the initial proximity discovery procedure again.
The exemplary embodiment of Fig. 5 can become computationally intensive if the target device 2 has to compute 108 hashes for every hashed T-BID 31 that arrives. This can be reduced by relying on the network 3, which can indicate when to listen for broadcasts. Alternatively, it can be reduced by concatenating several broadcast hashes (and therefore adding n-k to the broadcast). In this way the target device 2 can check whether it expects an (n-k)-th hash from one of its peers, and only then decide to compute 108 the (many) recursive hashes for the arriving broadcast.
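The inverse hash stack of Fig. 5, as an added Python example rather than the patent's own listing: it builds the chain hash_1 = hash(T-BID, salt), hash_i = hash(hash_{i-1}, salt), broadcasts the (n-k)-th hash together with the counter k, rehashes k times on the receiving side and compares with the stored n-th hash, and shows the timer-driven k that makes the stack run out. SHA-256 stands in for the unspecified hash function, the salt and T-BID are constructed values, and the record layout and function names are this example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple


def h(prev: bytes, salt: bytes) -> bytes:
    """hash(previous hash, salt); SHA-256 is assumed in place of the unspecified hash."""
    return hashlib.sha256(prev + salt).digest()


def hash_chain(tbid: bytes, salt: bytes, n: int) -> List[bytes]:
    """chain[0] = T-BID 12, chain[1] = hash(T-BID, salt), chain[i] = hash(chain[i-1], salt).
    chain[n] is the n-th hash 21 handed to the peer in steps 102/107."""
    chain = [tbid]
    for _ in range(n):
        chain.append(h(chain[-1], salt))
    return chain


@dataclass(frozen=True)
class PeerRecord:
    """What a device keeps about a peer after the exchange: the salt 51, the n-th hash, n."""
    salt: bytes
    nth_hash: bytes
    n: int


def broadcast(chain: List[bytes], k: int) -> Tuple[int, bytes]:
    """Step 103: signal 30 carries the counter k and the (n-k)-th hash as representation 31.
    k beyond the chain length means the peering has expired."""
    n = len(chain) - 1
    if not 1 <= k <= n:
        raise ValueError("hash stack exhausted: peering has expired")
    return k, chain[n - k]


def expected(record: PeerRecord, k: int) -> bool:
    """Cheap pre-check before rehashing: only k values inside this peer's stack are plausible."""
    return 1 <= k <= record.n


def verify(record: PeerRecord, k: int, hashed_tbid: bytes) -> bool:
    """Step 108: rehash k times with the stored salt and compare with the stored n-th hash.
    Without the salt an eavesdropper cannot perform this check."""
    if not expected(record, k):
        return False
    cur = hashed_tbid
    for _ in range(k):
        cur = h(cur, record.salt)
    return hmac.compare_digest(cur, record.nth_hash)


def timer_k(days_since_last_session: int) -> int:
    """Expiry variant: k grows with elapsed time, so the usable stack shrinks day by day."""
    return max(1, days_since_last_session)
```

A receiver that stores many peers would index records by salt or by expected k so that `verify` runs only against candidates, which is the cost reduction the text describes.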
The proximity discovery procedure of Fig. 5 advantageously works even when there is no network coverage (the network need not be involved). In addition, it has a mechanism for forgetting peers after a certain time, which may be used for charging or subscription purposes, and a mechanism that allows the computational load of computing recursive hashes over all arriving broadcasts 103 to be reduced.
As a variant of the example of Fig. 5, it is possible for the devices 1, 2 to decide themselves which random value to use for encrypting the identifier 12. Once the identifiers have been exchanged (e.g. beforehand, or provided by the network during the proximity detection process), the network or a third party need not be involved in setting up the device-to-device communication session. This alternative process may work as follows.
First, the source device 1 generates a random value 51 and computes hash(R || T-BID), where R is the random value 51 and T-BID is the identifier 12. The T-BID may be, for example, a peer-specific T-BID (such as b or j, as shown in the table of the example of Fig. 2), meaning it can specify who is calling or who is being called. The T-BID may also be a security association T-BID (SA-T-BID), if one has been specified.
Next, the source device 1 broadcasts R || hash(R || T-BID). The target device(s) 2 receiving the broadcast compute the function hash(R || T-BID) for the T-BIDs in their memory (possibly including their own) and determine whether they match. If a match is found, the conclusion that can be drawn depends on which T-BID was broadcast. If the source device 1 broadcast a T-BID representing its own identity, the target device 2 can infer that the source device 1 is reachable. If the source device 1 broadcast a T-BID representing the identity of the target device 2, only the target device 2 that is the called party will find a match with its own identity. A malicious user could still find out that the target device 2 is being called, but not who is calling. If the source device 1 broadcasts a T-BID from a shared security association (which may comprise the T-BIDs and/or T-SA-BIDs of the source device 1 and/or the target device(s) 2), the target device 2 can determine that it is being called.
The advantage of this variant of Fig. 5 is that the source device 1 can itself decide how to make itself known and provide a high level of privacy, while still allowing the network to discover who is broadcasting. The latter is advantageous e.g. for charging reasons or for lawful interception. A further advantage is that the network need not be involved, so the process also works without network coverage.
The example of Fig. 6 illustrates a hybrid solution in which the network or a third party provides the salt value to be used in the hash function. The example of Fig. 6 is a variant of the examples of Fig. 4 and Fig. 5 and is particularly advantageous when many peers 1, 2 are likely to meet again. The peers 1, 2 retain information about each other, such as the identifiers 12, which they can use to identify each other or to find the next T-BID in a subsequent session.
In the example of Fig. 6, both devices 1, 2 in a device-to-device session generate a random T-BID. They notify 101 each other of the selected T-BIDs 12. At a predefined moment (e.g. every night, or at a predefined time interval), the network 3 (or any other third party) distributes 107 a salt value 51 to the devices 1, 2. Alternatively or additionally, the network 3 (or third party) may detect that two devices 1, 2 are near each other and provide 107 the salt value when they want to talk. The target device(s) 2 obtain 102 a first representation 21 of the known T-BIDs 12 of the devices 1, 2, i.e. as received in the notification step 101, by computing hash(T-BID, salt) for all T-BIDs 12. The source device performs the same computation 210 for its own T-BID 12, which yields the second representation 31 of the T-BID 31 used by the source device 1. The second representation 31 of the T-BID is broadcast 103 and received in the target device(s) 2. The target device(s) 2 compare 105, 108 the computed first representation 21 of the T-BID with the received second representation 31 of the T-BID 12, and verify 109 whether a match is found.
The advantage of the example of Fig. 6 is that it is computationally less intensive than examples that rely on rapidly changing parameters (such as a received random value) and compute a hash each time a random value is received. It still provides sufficient privacy for the broadcast of the identifier 12.
Fig. 1-6 show different examples of exemplary embodiments of the invention. The invention is not limited to the examples shown. Steps illustrated in one example may also be used in other examples, even if not shown there. Examples of this are hashing the identifier, using tickets, additional challenge-response verification, and encrypting data with the encryption key 14. Other steps shown may be optional, such as the transmission 106 of the acknowledgement message and the establishment of the device-to-device communication session 206.
In some examples, a hash function is used to compute the derivatives 21, 31 of the identifier 12. It will be appreciated that any other mathematical function using the random value 51 may be used instead to create the derivatives 21, 31. The random value 51 may be, for example, a random number generated in the server 3 or in the source device 1, or a derivative thereof, or a salt value generated in the server 3 or in the source device 1.
The identifier 12 may be used for group addressing. For example, a T-BID may be used to indicate that a certain group of devices 1, 2 is being called. The devices 1, 2 belonging to the group receive an identifier 12 representing the group. To discover other devices, a device computes a derivative of the identifier 12, e.g. depending on the current date and/or time or any other random value 51 that can be known jointly by the devices 1, 2 without exchanging the random value 51. The second derivative 31 of the identifier can thus be computed as x = hash(date || group identifier). The source device 1 broadcasts 103 x, and the target device(s) 2 of the group receive x and compute the first derivative 21 of the identifier by performing the same computation hash(date || group identifier). If the first derivative 21 matches the second derivative 31, proximity discovery is successful.
In general, if the random value 51 is a time-varying parameter, it may be chosen to change slowly, for example once a day when the random value 51 is the current date. In this case the computation of hash(date || group identifier) or hash(date || identifier) need only be performed once per day. Once this computation is done, only the comparison 109 remains to be made. In the examples of Fig. 5 and Fig. 6 this may advantageously result in fewer computations, since the hashes of the other devices are computed only once per day.
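The salted-hash comparison that the Fig. 5 variant (R || hash(R || T-BID)), the Fig. 6 example (salt 51 distributed by the network) and the group-addressing paragraphs (date as salt) all share, in one added Python example that is not the patent's code. The three scenarios differ only in where the salt comes from and whether it travels in the broadcast; the registry labels, the 16-byte R, SHA-256 and the sample T-BIDs are this example's own constructions.

```python
import datetime
import hashlib
import hmac
import os
from typing import Dict, Optional


def derive(salt: bytes, tbid: bytes) -> bytes:
    """hash(salt || T-BID): representation 21/31 of identifier 12 (SHA-256 assumed)."""
    return hashlib.sha256(salt + tbid).digest()


def build_table(registry: Dict[str, bytes], salt: bytes) -> Dict[bytes, str]:
    """Fig. 6 step 102: derive every known T-BID once per salt, so each later
    broadcast costs a lookup instead of a hash per stored identifier."""
    return {derive(salt, tbid): label for label, tbid in registry.items()}


def match(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """Steps 105/109: compare against every candidate (no early exit) and return the label,
    which tells the receiver whether its own identity, a peer, or a group was addressed."""
    found = None
    for candidate, label in table.items():
        if hmac.compare_digest(candidate, digest):
            found = label
    return found


# Fig. 5 variant: the source picks R itself and broadcasts R || hash(R || T-BID).
R_LEN = 16


def fig5_broadcast(tbid: bytes) -> bytes:
    r = os.urandom(R_LEN)
    return r + derive(r, tbid)


def fig5_receive(registry: Dict[str, bytes], signal: bytes) -> Optional[str]:
    """Receivers must hash their whole registry under the fresh R for every broadcast."""
    r, digest = signal[:R_LEN], signal[R_LEN:]
    return match(build_table(registry, r), digest)


# Fig. 6: the network distributes salt 51 to all devices; only the digest is broadcast.
def fig6_broadcast(own_tbid: bytes, salt: bytes) -> bytes:
    return derive(salt, own_tbid)


# Group addressing: the salt is the current date, known to all members without exchange.
def date_salt(day: datetime.date) -> bytes:
    return day.isoformat().encode()


def group_broadcast(group_id: bytes, day: datetime.date) -> bytes:
    return derive(date_salt(day), group_id)
```

An observer without the registry sees only digests (and, in the Fig. 5 variant, R), so it cannot link two broadcasts made under different salts; a receiver that does hold the registry is the only party that pays the hashing cost, which is why the slowly changing salt of Fig. 6 and the date-based salt matter for battery-constrained devices.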
An embodiment of the invention may be implemented as a program product for use with a computer system. The program(s) of the program product define the functions of the embodiments (including the methods described herein) and can be contained on a variety of non-transitory computer-readable storage media. Illustrative computer-readable storage media include, but are not limited to: (i) non-writable storage media on which information is permanently stored (e.g. read-only memory devices within a computer, such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory); and (ii) writable storage media on which alterable information is stored (e.g. flash memory, floppy disks within a diskette drive or hard-disk drive, or any type of solid-state random-access semiconductor memory).

Claims (14)

1. A method for proximity discovery between a source device (1) and one or more target devices (2), the method comprising:
receiving (101) in the source device (1) first data (11) comprising an identifier (12);
receiving (102) in the target device (2) second data (20) comprising a first representation (21) of the identifier (12);
broadcasting (103), by the source device (1), a signal (30) comprising a second representation (31) of the identifier;
receiving (104) said signal (30) in the target device (2); and
comparing (105), in the target device, the first representation (21) of the identifier (12) with the second representation (31) of the identifier (12) to obtain a comparison result for successfully establishing proximity discovery.
2. The method according to claim 1, further comprising transmitting (106) an acknowledgement message (40) from the target device (2) to the source device (1) depending on the comparison result.
3. The method according to claim 1 or claim 2, wherein the identifier (12) is a temporary broadcast identifier uniquely identifying the target device (2), and wherein the identifier (12) is associated by the target device (2) with the source device (1).
4. The method according to claim 1 or claim 2, wherein the source device (1) and the one or more target devices (2) form a device group, and wherein the identifier (12) identifies said device group.
5. The method according to claim 3 or claim 4, wherein the identifier (12), the first representation (21) of the identifier (12) and the second representation (31) of the identifier (12) are identical.
6. The method according to any one of claims 1-5, wherein:
the source device (1) and the one or more target devices (2) are configured to be communicatively connected to a network, and the first data (11) and the second data (20) are received (101, 102) from a server (3) in the network; or
the first data (11) and the second data (20) are received (101, 102) from the source device (1).
7. The method according to claim 6, further comprising receiving (107) in the target device (2) third data (50) comprising a third representation (51) of the identifier (12), wherein the first representation (21) of the identifier is a derivative of the identifier obtained by a first mathematical function, said first mathematical function using the identifier (12) and a random number as input to compute the derivative of the identifier, wherein the third representation (51) of the identifier (12) is the random number, and wherein the comparing step (105) comprises:
computing (108) the derivative of the identifier using a second mathematical function identical to the first mathematical function, said second mathematical function using the second representation (31) of the identifier (12) and the third representation (51) of the identifier (12) as input; and
comparing (109) the computed derivative of the identifier with the first representation (21) of the identifier (12),
wherein the random number is one of:
a random number generated in the server or in the source device (1);
a salt value generated in the server (3) or in the source device (1);
a derivative of a further random number, obtained in the server (3) or in the source device (1) by a third mathematical function, said third mathematical function using the further random number and a source identifier identifying the source device (1) as input to compute the derivative of the random number.
8., according to the method for claim 6 or claim 7, wherein the second data (20) also comprise ticket identifier (22), and described method also comprises:
Comprise the bill data (10) of ticket identifier (22), the first data (11) and the 4th data (13) from server (3) reception (110) in source device (1);
(111) ticket identifier (22) is transmitted to obtain the copy (41) of the 4th data (13) be associated with ticket identifier (22) from target device (2) to server (3); And
Receive the copy (41) of (112) the 4th data (13) from server (3) in target device (2),
The copy (41) that wherein acknowledge message (40) comprises the 4th data (13) is verified for utilizing the 4th data (13) in source device (1).
9., according to the method for any one in claim 6-8, also comprise and ask the first data (11), the second data (20) and/or bill data (10) to be charged by the operator of server (3) to from source device (1) or target device (2).
10. according to Claim 8 or the method for claim 9, also comprise:
(113) first challenge datas (32) are received from source device (1) in target device (2); And
In target device (2), use the 4th mathematical function such as hash function the first challenge data (32) to be calculated to the first challenge data (42) (114) derived from,
Wherein acknowledge message (40) also comprises the first challenge data (42) and second challenge data (43) of derivation, and described method also comprises:
In source device (1), use five mathematical function identical with the 4th mathematical function the first challenge data (32) to be calculated to the first challenge data (42) (115) derived from, for compared with first challenge data (42) of received derivation;
In source device (1), use the 6th mathematical function the second challenge data (43) to be calculated to the second challenge data (33) (116) derived from;
The second challenge data (33) derived from is transmitted (117) to target device (1);
In target device (2), use seven mathematical function identical with the 6th mathematical function the second challenge data (43) to be calculated to the second challenge data (33) (118) derived from, for compared with second challenge data (33) of received derivation.
11. The method according to claim 10, wherein the ticket data (10) further comprises an encryption key (14), wherein the method further comprises receiving (119), in the target device (2), from the server (3) the encryption key (14) that is associated with the ticket identifier (22) in the server (3), and wherein the fourth, fifth, sixth and seventh mathematical functions comprise an encryption function using the encryption key (14).
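Claims 7, 8, 10 and 11 together describe one flow: the server hands the source a ticket whose first representation (21) is a hash of the identifier and a random number, hands the target the identifier (31) and the random number (51), the target matches the beacon by recomputing the hash, redeems the ticket identifier for a copy of the fourth data and the key, and both sides then run a keyed challenge-response. The following simulation is an added example, not code from the patent or its assignees; SHA-256 for the first/second/third mathematical functions, HMAC-SHA256 for the "encryption function" of claim 11, the direction labels, the byte lengths and all names are assumptions.

```python
# Added simulation of claims 7, 8, 10 and 11 (not the patent's own code). Names, byte
# lengths and the SHA-256/HMAC choices are assumptions.
import hashlib
import hmac
import secrets

def h(*parts: bytes) -> bytes:
    """First/second mathematical function (claim 7): plain hash over identifier || random."""
    return hashlib.sha256(b"".join(parts)).digest()

def keyed(key: bytes, label: bytes, data: bytes) -> bytes:
    """Fourth..seventh functions (claim 11), keyed with the ticket's encryption key (14). HMAC
    stands in for the 'encryption function'; the label separates the two challenge directions."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Server:
    """(3): issues ticket data (10) to the source, second/third data (20)/(50) to the target."""

    def __init__(self) -> None:
        self.tickets = {}  # ticket identifier (22) -> (fourth data (13), encryption key (14))

    def issue(self, identifier: bytes, source_id: bytes):
        # Claim 7, third variant: random number derived from a further random number and the
        # source identifier by a third mathematical function.
        random_number = h(secrets.token_bytes(16), source_id)
        first_repr = h(identifier, random_number)  # first representation (21)
        ticket_id, fourth_data, key = (secrets.token_bytes(n) for n in (8, 16, 32))
        self.tickets[ticket_id] = (fourth_data, key)
        ticket_data = {"ticket_id": ticket_id, "first_repr": first_repr,
                       "fourth_data": fourth_data, "key": key}             # (10) -> source
        second_data = {"identifier": identifier, "ticket_id": ticket_id}  # (20) -> target
        third_data = {"random_number": random_number}                     # (50) -> target
        return ticket_data, second_data, third_data

    def redeem(self, ticket_id: bytes):
        # Claims 8 and 11: target presents the ticket identifier (111) and receives a copy (41)
        # of the fourth data (112) plus the associated encryption key (119).
        return self.tickets[ticket_id]

class Source:
    """(1): broadcasts the first representation (21) and checks the acknowledgement (40)."""

    def __init__(self, ticket_data: dict) -> None:
        self.ticket = ticket_data
        self.c1 = secrets.token_bytes(16)  # first challenge data (32)

    def beacon(self) -> dict:
        return {"first_repr": self.ticket["first_repr"], "c1": self.c1}

    def handle_ack(self, ack: dict):
        """Returns derived second challenge data (33), or None if the target fails a check."""
        if not hmac.compare_digest(ack["fourth_copy"], self.ticket["fourth_data"]):
            return None  # claim 8: copy (41) differs from the ticket's fourth data (13)
        if not hmac.compare_digest(ack["derived_c1"], keyed(self.ticket["key"], b"t->s", self.c1)):
            return None  # claim 10: fifth function (same as fourth) disagrees with (42)
        return keyed(self.ticket["key"], b"s->t", ack["c2"])  # sixth function over (43)

class Target:
    """(2): matches the beacon against (31)/(51), then authenticates in both directions."""

    def __init__(self, server: Server, second_data: dict, third_data: dict) -> None:
        self.server = server
        self.identifier = second_data["identifier"]       # second representation (31)
        self.random_number = third_data["random_number"]  # third representation (51)
        self.ticket_id = second_data["ticket_id"]
        self.key = self.c2 = None

    def handle_beacon(self, msg: dict):
        """Returns the acknowledgement (40), or None if the beacon is not the expected source."""
        # Claim 7: second function identical to the first; compare (109) against (21).
        if not hmac.compare_digest(h(self.identifier, self.random_number), msg["first_repr"]):
            return None
        fourth_copy, self.key = self.server.redeem(self.ticket_id)
        self.c2 = secrets.token_bytes(16)  # second challenge data (43)
        return {"fourth_copy": fourth_copy, "c2": self.c2,
                "derived_c1": keyed(self.key, b"t->s", msg["c1"])}  # derived first challenge (42)

    def handle_response(self, derived_c2: bytes) -> bool:
        # Seventh function identical to the sixth.
        return hmac.compare_digest(derived_c2, keyed(self.key, b"s->t", self.c2))

def run_protocol(scenario: str = "honest") -> bool:
    """One full run. Constructed scenarios: 'honest'; 'wrong_source' (a beacon the target was not
    provisioned for); 'forged_ack' (an eavesdropper without the ticket answers the beacon)."""
    server = Server()
    ticket_data, second_data, third_data = server.issue(b"alice@example.org", b"src-device-001")
    source, target = Source(ticket_data), Target(server, second_data, third_data)
    msg = source.beacon()
    if scenario == "wrong_source":
        msg = dict(msg, first_repr=secrets.token_bytes(32))
    ack = target.handle_beacon(msg)
    if ack is None:
        return False
    if scenario == "forged_ack":
        ack = {"fourth_copy": secrets.token_bytes(16), "c2": secrets.token_bytes(16),
               "derived_c1": secrets.token_bytes(32)}
    response = source.handle_ack(ack)
    return response is not None and target.handle_response(response)
```

`run_protocol()` returns True for the honest run and False for the two constructed failure cases. Two points a reviewer of such a scheme would check: the first representation (21) is constant for the life of a ticket, so the beacon is a trackable identifier until the ticket is refreshed; and with an unkeyed hash as the fourth function (claim 10 alone) the derived first challenge data (42) can be computed by anyone who hears the beacon, so freshness then rests entirely on the ticket-bound fourth data (13), which itself travels in the clear in the acknowledgement. The keyed functions of claim 11 bind both challenges to the ticket's key, which is why the example keys all four derivations.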
12. A source device (1) configured to perform a proximity discovery procedure with one or more target devices (2) using the method according to any one of claims 1-11.
13. A target device (2) configured to perform a proximity discovery procedure with a source device (1) using the method according to any one of claims 1-11.
14. A network comprising a source device (1) according to claim 12 and one or more target devices (2) according to claim 13.
CN201480018193.1A 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE Active CN105144655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910188008.8A CN110034940B (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP13152725 2013-01-25
EP13152725.1 2013-01-25
PCT/EP2014/051318 WO2014114711A1 (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communication mobile devices in 3gpp lte

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910188008.8A Division CN110034940B (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE

Publications (2)

Publication Number Publication Date
CN105144655A true CN105144655A (en) 2015-12-09
CN105144655B CN105144655B (en) 2019-04-02

Family

ID=47630187

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201480018193.1A Active CN105144655B (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE
CN201910188008.8A Active CN110034940B (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910188008.8A Active CN110034940B (en) 2013-01-25 2014-01-23 Proximity discovery, authentication and link establishment between communicating mobile devices in 3GPP LTE

Country Status (7)

Country Link
US (2) US9820134B2 (en)
EP (2) EP2826223B1 (en)
JP (2) JP6145177B2 (en)
KR (2) KR101879916B1 (en)
CN (2) CN105144655B (en)
ES (2) ES2922212T3 (en)
WO (1) WO2014114711A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108933804A (en) * 2017-05-26 2018-12-04 中移物联网有限公司 Peer-to-peer network construction method and device

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10798540B2 (en) * 2017-02-14 2020-10-06 Panasonic Intellectual Property Management Co., Ltd. Information apparatus, communication apparatus, and communication method for information apparatus
ES2922212T3 (en) * 2013-01-25 2022-09-09 Koninklijke Kpn Nv Network-assisted proximity discovery, authentication and link establishment between mobile communication devices in LTE 3GPP
US9210562B2 (en) * 2013-04-04 2015-12-08 Blackberry Limited Method and apparatus for proximity discovery for device-to-device communication
CN106134232B (en) * 2014-03-21 2019-11-26 瑞典爱立信有限公司 Certification in device-to-device discovery
EP3913940A1 (en) * 2014-11-27 2021-11-24 Koninklijke KPN N.V. Infrastructure-based d2d connection setup using ott services
US20160192403A1 (en) * 2014-12-30 2016-06-30 Qualcomm Incorporated Mechanism to provide lte voice, internet and embms services over ethernet for connected home architecture
EP3209085A4 (en) * 2015-01-17 2017-12-06 Huawei Technologies Co., Ltd. Call setup method and system and user equipment
JP2016149673A (en) * 2015-02-13 2016-08-18 Line株式会社 Server, and method and program for communication connection management
US9893894B2 (en) * 2015-03-13 2018-02-13 Intel IP Corporation Systems, methods, and devices for secure device-to-device discovery and communication
US10080185B2 (en) * 2015-04-10 2018-09-18 Qualcomm Incorporated Method and apparatus for securing structured proximity service codes for restricted discovery
CN106204035A (en) * 2015-04-30 2016-12-07 阿里巴巴集团控股有限公司 Offline identity authentication method, intelligent terminal and system
KR102484306B1 (en) * 2016-03-10 2023-01-03 삼성전자주식회사 Apparatus and method for generating dynamic group
US10497191B2 (en) * 2016-08-10 2019-12-03 Elwha Llc Systems and methods for individual identification and authorization utilizing conformable electronics
US10593137B2 (en) 2016-08-10 2020-03-17 Elwha Llc Systems and methods for individual identification and authorization utilizing conformable electronics
US11005667B2 (en) * 2018-03-19 2021-05-11 Kaloom Inc. Computing device and method for performing a secure neighbor discovery
US11842331B2 (en) * 2018-10-24 2023-12-12 Capital One Services, Llc Network of trust for bill splitting
US11494757B2 (en) 2018-10-24 2022-11-08 Capital One Services, Llc Remote commands using network of trust
US10588175B1 (en) 2018-10-24 2020-03-10 Capital One Services, Llc Network of trust with blockchain
US11146415B2 (en) * 2019-11-16 2021-10-12 Microsoft Technology Licensing, Llc Message-limited self-organizing network groups for computing device peer matching

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101422058A (en) * 2006-04-19 2009-04-29 法国电信公司 Method of securing access to a proximity communication module in a mobile terminal
US20120284517A1 (en) * 2011-05-04 2012-11-08 Lambert Paul A Wireless authentication using beacon messages
WO2013009288A1 (en) * 2011-07-11 2013-01-17 Research In Motion Limited Data integrity for proximity-based communication

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1536652A1 (en) * 2003-11-28 2005-06-01 Alcatel System, method and network elements for transmitting multicast information via a Radio Network Controller not supporting multicast transmission
JP4027360B2 (en) 2004-11-08 2007-12-26 キヤノン株式会社 Authentication method and system, information processing method and apparatus
EP1915021B1 (en) * 2005-02-16 2009-09-16 Panasonic Corporation Support of mobile terminals in a multicast or broadcast service comprising a plurality of bearers
US8576846B2 (en) 2005-10-05 2013-11-05 Qualcomm Incorporated Peer-to-peer communication in ad hoc wireless network
CN101371503B (en) * 2006-01-11 2013-09-25 高通股份有限公司 Method and apparatuses for sharing bandwidth between a wide area network and local area peer-to-peer network
EP1921817A1 (en) * 2006-11-09 2008-05-14 Thomson Licensing Methods and a device for associating a first device with a second device
EP1926279A1 (en) 2006-11-21 2008-05-28 Thomson Licensing Method and a first device for associating the first device with a second device
JP4451893B2 (en) * 2007-03-27 2010-04-14 株式会社エヌ・ティ・ティ・ドコモ Mobile communication terminal, radio communication method, and mobile communication system
US9301121B2 (en) * 2007-07-11 2016-03-29 Qualcomm Incorporated Peer to peer multiple identifiers
KR101466393B1 (en) * 2007-08-03 2014-11-28 삼성전자주식회사 Method and apparatus for performing peer to peer communications in a communication system
US8862872B2 (en) * 2008-09-12 2014-10-14 Qualcomm Incorporated Ticket-based spectrum authorization and access control
US8935436B2 (en) * 2009-02-18 2015-01-13 Qualcomm Incorporated Wakeup trigger to support multiple user interfaces, environments, and/or virtual machines
BRPI1013591A2 (en) * 2009-03-26 2016-04-19 Xped Holdings Pty Ltd bi-directional wireless device communication management system
US8605625B2 (en) * 2009-04-02 2013-12-10 Qualcomm Incorporated Methods and apparatus for peer discovery in a communications system
US8666403B2 (en) * 2009-10-23 2014-03-04 Nokia Solutions And Networks Oy Systems, methods, and apparatuses for facilitating device-to-device connection establishment
US9391853B2 (en) * 2009-12-23 2016-07-12 Apple Inc. Efficient service advertisement and discovery in a peer-to-peer networking environment with dynamic advertisement and discovery periods based on operating conditions
US8649757B2 (en) * 2010-01-13 2014-02-11 Medtronic, Inc. Proximity based selection of an implantable medical device for far field communication
CN102792720B (en) * 2010-01-13 2016-04-06 瑞典爱立信有限公司 Method and apparatus in cellular network
US8934839B2 (en) * 2011-02-22 2015-01-13 Blackberry Limited Methods and apparatus to connect wireless-enabled devices
KR20120117063A (en) * 2011-04-14 2012-10-24 엘지전자 주식회사 Mobile terminal and method for determinating position thereof
JP5484396B2 (en) 2011-05-18 2014-05-07 株式会社Nttドコモ Mobile communication method and radio base station
US8832783B2 (en) * 2012-09-28 2014-09-09 Intel Corporation System and method for performing secure communications
ES2922212T3 (en) * 2013-01-25 2022-09-09 Koninklijke Kpn Nv Network-assisted proximity discovery, authentication and link establishment between mobile communication devices in LTE 3GPP

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108933804A (en) * 2017-05-26 2018-12-04 中移物联网有限公司 Peer-to-peer network construction method and device
CN108933804B (en) * 2017-05-26 2021-12-10 中移物联网有限公司 Peer-to-peer network construction method and device

Also Published As

Publication number Publication date
JP2016512662A (en) 2016-04-28
ES2766802T3 (en) 2020-06-15
CN105144655B (en) 2019-04-02
CN110034940B (en) 2021-07-20
US9820134B2 (en) 2017-11-14
WO2014114711A1 (en) 2014-07-31
KR20180081160A (en) 2018-07-13
US20180041887A1 (en) 2018-02-08
EP2826223A1 (en) 2015-01-21
KR101879916B1 (en) 2018-07-18
KR101949116B1 (en) 2019-02-15
CN110034940A (en) 2019-07-19
EP2826223B1 (en) 2019-11-20
US20150358804A1 (en) 2015-12-10
US10237718B2 (en) 2019-03-19
KR20150106901A (en) 2015-09-22
JP6145177B2 (en) 2017-06-07
EP3621272B1 (en) 2022-04-13
JP6479092B2 (en) 2019-03-06
JP2017195606A (en) 2017-10-26
ES2922212T3 (en) 2022-09-09
EP3621272A1 (en) 2020-03-11

Similar Documents

Publication Publication Date Title
US10237718B2 (en) Proximity discovery, authentication and link establishment between mobile devices in 3GPP LTE
US9705856B2 (en) Secure session for a group of network nodes
KR101486030B1 (en) Method for combining authentication and secret keys management mechanism in a sensor network
EP2823595B1 (en) Method, apparatuses, and computer-readable storage medium for securely accessing social networking data
EP2810418B1 (en) Group based bootstrapping in machine type communication
EP2503754B1 (en) Authentication in a communications system
US11233817B2 (en) Methods and apparatus for end device discovering another end device
US20160262019A1 (en) Security method and system for supporting discovery and communication between proximity based service terminals in mobile communication system environment
US20230379168A1 (en) Relay ue and remote ue authorization
EP3096544B1 (en) Security method and system for supporting prose group communication or public safety in mobile communication
WO2018000844A1 (en) Network accessing method and device
CN114363887A (en) Code encryption
WO2018072152A1 (en) Secure communication method, apparatus, and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant